summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-08-16 13:02:05 +0200
committerFlorian Dold <florian@dold.me>2021-08-16 13:02:05 +0200
commit73acf3905c6e628f1022c706557c4955d52e13b6 (patch)
treee023ae4efa3a04f93e672e4944fe4c5a8a98c560
parent2268e4b9c7de07f753dc817616e730766eacffe9 (diff)
downloaddocs-73acf3905c6e628f1022c706557c4955d52e13b6.tar.gz
docs-73acf3905c6e628f1022c706557c4955d52e13b6.tar.bz2
docs-73acf3905c6e628f1022c706557c4955d52e13b6.zip
address CG's spec comment
-rw-r--r--merchant-spec/public-orders-get.ts11
1 files changed, 3 insertions, 8 deletions
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts
index ef9eee3f..4a98aab4 100644
--- a/merchant-spec/public-orders-get.ts
+++ b/merchant-spec/public-orders-get.ts
@@ -59,14 +59,9 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp {
(ord.requireClaimToken && ord.claimToken === req.claimToken) ||
!ord.requireClaimToken;
- if (authMissing) {
- // Client is trying to get the order status of a claimed,
- // unpaid order. However, the client is not showing authentication.
- //
- // CG-FIXME: Eh, nothing here suggests the order is _claimed_.
- // The branch above is wrong, as an unclaimed order without
- // requireClaimToken must not end up here! So I think
- // we here need authMissing && !authOk in the branch above!
+ if (authMissing && ord.requireClaimToken) {
+ // Client is trying to get the order status of an
+ // order. However, the client is not showing authentication.
//
// This can happen when the fulfillment URL includes the order ID,
// and the storefront redirects the user to the backend QR code